﻿@{
    // Set the layout page and page title
    Layout = "~/_SiteLayout.cshtml";
    Page.Title = "Password Reset";

    var newPasswordError = "";
    var confirmPasswordError = "";
    var passwordResetTokenError = "";
    var passwordResetToken = Request.Form["resetToken"] ?? Request.QueryString["resetToken"];
    var disabledAttribute = "";

    bool isValid = true;
    bool tokenExpired = false;
    bool isSuccess = false;

    if (IsPost) {
        var newPassword = Request["newPassword"];
        var confirmPassword = Request["confirmPassword"];

        if (newPassword.IsEmpty()) {
            newPasswordError = "Please enter a new password.";
            isValid = false;
        }

        if (confirmPassword != newPassword) {
            confirmPasswordError = "The password confirmation did not match the new password.";
            isValid = false;
        }

        if (passwordResetToken.IsEmpty()) {
            passwordResetTokenError = "Please enter your password reset token. It should have been sent to you in an email.";
            isValid = false;
        }

        if (isValid) {
            if (WebSecurity.ResetPassword(passwordResetToken, newPassword)) {   
                disabledAttribute = @"disabled=""disabled""";
                isSuccess = true;
            } else {
                passwordResetTokenError = "The password reset token is invalid.";
                tokenExpired = true;
                isValid = false;
            }
        } else {
            isValid = false;
        }
    }
}

@if (!isValid) {
    <p class="message error">
        @if (tokenExpired) {
            <text>The password reset token is incorrect or may be expired. Visit the <a href="@Href("~/Account/ForgotPassword")">forgot password page</a> to generate a new one.</text>
        } else {
            <text>Could not reset password. Please correct the errors and try again.</text>
        }
    </p>
}

@if (isSuccess) {
    <p class="message success">
        Password changed! Click <a href="@Href("~/Account/Login")" title="Login">here</a> to login.
    </p>
}

<form method="post" action="">
    <fieldset>
        <legend>Password Change Form</legend>
        @if (!WebMail.SmtpServer.IsEmpty()) {
            <p>Please type in your new password below and click the <em>Reset Password</em> button to change your password.</p>
            <ol>
                <li class="new-password">
                    <label for="newPassword">New Password:</label> 
                    <input type="password" id="newPassword" name="newPassword" title="New Password" @disabledAttribute @if(!newPasswordError.IsEmpty()){<text>class="error-field"</text>} />
                    @if (!newPasswordError.IsEmpty()) {
                        <label for="newPassword" class="validation-error">@newPasswordError</label>
                    }
                </li>
                <li class="confirm-password">
                    <label for="confirmPassword">Confirm Password:</label> 
                    <input type="password" id="confirmPassword" name="confirmPassword" title="Confirm new password" @disabledAttribute @if(!confirmPasswordError.IsEmpty()){<text>class="error-field"</text>} />
                    @if (!confirmPasswordError.IsEmpty()) {
                        <label for="confirmPassword" class="validation-error">@confirmPasswordError</label>
                    }
                </li>
                <li class="reset-token">
                    <label for="resetToken">Password Reset Token:</label> 
                    <input type="text" id="resetToken" name="resetToken" value="@passwordResetToken" title="Password reset token" @disabledAttribute @if(!passwordResetTokenError.IsEmpty()){<text>class="error-field"</text>} />
                    @if (!passwordResetTokenError.IsEmpty()) {
                        <label for="resetToken" class="validation-error">@passwordResetTokenError</label>
                    }
                </li>
            </ol>
            <p class="form-actions">
                <input type="submit" value="Reset Password" title="Reset password" @disabledAttribute/>
            </p>
        } else {
            <p class="message info">
                Password recovery is disabled for this website because the SMTP server is 
                not configured correctly. Please contact the owner of this site to reset 
                your password.
            </p>
        }
    </fieldset>
</form>